I will admit that I roll my eyes, even if it is only on the inside sometimes, when I see people with tape or some other device covering the webcam on their laptop. My self-righteous logic goes like this: most people I interact with are using the computers I see them using for business purposes, and they likely aren’t perched on a night stand or bathroom counter in the evenings or early mornings. If the webcam on my laptop was hijacked, the perpetrator would be exposed to hours upon hours of me making faces in reaction to emails and instant messages from co-workers. Audio is a much, much larger threat to confidentiality, and I have yet to see anyone taking action against the built-in microphone on their laptops. Maybe as humans, we feel that someone secretly watching us is more of an invasion of privacy, but it doesn’t take a lot of thought to conclude that an attacker would obtain far more value from listening than from looking. That is, unless the attacker is doing it for blackmail or out of some twisted, possibly perverted obsession with spying on people.
A few days back, The Verge posted the following video on Twitter:
Should you put tape over your webcam? pic.twitter.com/JA5wYaZ4yw
— The Verge (@verge) October 28, 2017
A casual listen to the video left me laughing it off: haha – tape on the webcam won’t really do a lot, but it may make you feel better. I listened to it again though, and caught something I missed the first time. The narrator interviewed Todd Beardsley from Rapid7. Kudos to Todd for giving what I thought was an amazingly insightful reason for covering a webcam. In the video, I believe Todd called it “superstitious”; however, the point he was making is very important and accurate. If we believe something about ourselves, we generally act accordingly. Todd is explaining that if I put a piece of tape on my webcam, that tape serves as a constant reminder throughout my work day that I am a security-minded person. One of the really interesting findings in behavioral psychology is that our mindset is often based on a perception we have of ourselves according to what we have previously done. I have to be – I put tape on my webcam after all. And that constant reminder will permeate into decisions I make that have security consequences, such as picking a better password than I otherwise would, or thinking twice before clicking on a link. As technologists, that idea probably doesn’t sit well because we expect that it wouldn’t work on “us”. However, in the world of psychology, unlike the world of computers, things are not deterministic and are more about averages. So yes, this phenomenon will not work every time for everyone or to the same extent every time, but on average, it likely does have some beneficial effect, and therefore I am going to stop rolling my eyes when I see tape over webcams.
As I learn more about behavioral psychology, it’s clear that there is a lot of opportunity to explore potential benefits for making security improvements. If you are interested in learning more, I recommend reading books by Dan Ariely, Daniel Kahneman, Richard Thaler, and Tom Gilovich.
*Note: some of my Twitter friends pointed out that they tape their webcam to ensure they are not caught by surprise when joining WebEx-style meetings. That makes sense.